Oracle has informed clients of a second cybersecurity breach in which a hacker stole old client log-in credentials from its systems. The stolen data, which includes credentials from as recently as 2024, is being investigated by the FBI and cybersecurity firm CrowdStrike, with the company assuring clients that the compromised system has not been in use for eight years, minimizing the risk.

A China-linked hacking group known as Salt Typhoon has successfully breached the satellite communications firm Viasat. This incident highlights the ongoing risks to critical infrastructure from state-sponsored cyber threats, particularly in the context of geopolitical tensions.

A 21-year-old hacker was arrested in Spain for illegally accessing a government website to alter high school and university entrance exam grades for himself and classmates. The suspect, with a history of hacking, compromised accounts of at least 13 university professors and had a notebook detailing manipulated grades, leading to increased security measures on the educational platform used in the region.

The UNC2891 hacking group, known as LightBasin, utilized a 4G-equipped Raspberry Pi to infiltrate a bank's network, aiming to commit ATM fraud. Although their attempt to deploy a sophisticated rootkit named Caketap was thwarted, the attack showcased advanced techniques for maintaining stealth and lateral movement within the bank's systems.

A hacking group has reportedly stolen over 1 billion records from Salesforce customer databases, raising significant concerns about data security and the potential repercussions for affected companies. The breach underscores the vulnerabilities in cloud services and the ongoing threat posed by cybercriminals.

Wallets can indeed be hacked, posing significant risks to digital asset security. Users must be aware of vulnerabilities in wallets and take necessary precautions to protect their funds from potential breaches and theft.

A 27-year-old former student of Western Sydney University has been arrested for allegedly hacking the university's systems to obtain cheaper parking and access confidential data, affecting hundreds of staff and students. Birdie Kingston faces 20 charges, including unauthorized access and data theft, and is accused of stealing over 100GB of data and manipulating academic records. Despite prior warnings from police, she continued her hacking activities, even threatening to sell stolen student information on the dark web.

Security vulnerabilities in a carmaker's web portal allowed a hacker to remotely unlock vehicles from anywhere, raising serious concerns about the security of connected car technologies. The breach highlights the need for stronger cybersecurity measures in the automotive industry to protect consumer data and vehicle safety.

Recent attacks linked to Chinese hacking groups have exploited a zero-day vulnerability in Microsoft SharePoint, breaching numerous organizations globally. The vulnerabilities, identified as CVE-2025-49706 and CVE-2025-49704, were actively targeted by multiple threat actors, prompting Microsoft and CISA to release emergency patches and recommend immediate action for affected entities.

The web article discusses the alarming prevalence of weak passwords in the auto industry, highlighting how many smart cars are still using easily guessable passwords. This vulnerability poses significant security risks, as hackers could exploit these weaknesses to gain unauthorized access to vehicles and their systems.

Rachel Tobac, a cyber social engineer, discusses the art of persuasion in social engineering, emphasizing its dual nature as both a beneficial and deceptive practice. She explains how social engineers manipulate psychological principles to exploit human vulnerabilities, making it a sophisticated form of hacking that is often misunderstood.

A hacking group named Lab Dookhtegan has reportedly disrupted communications of Iranian ships, indicating a significant cyber attack on maritime operations. This incident highlights ongoing tensions and the increasing use of cyber warfare tactics in geopolitical conflicts.

Nippon Steel Solutions has reported a data breach caused by the exploitation of a zero-day vulnerability in their network equipment. Cybercriminals threatened to leak stolen data, but subsequently ceased communication, leaving uncertainty about the breach's details and any potential connection to other incidents.

Russian government hackers are reportedly behind a significant breach of the U.S. federal court filing system, raising concerns over the security of sensitive legal documents. The attack highlights the vulnerabilities in critical infrastructure and the ongoing threat posed by state-sponsored cyber activities. Investigations are underway to assess the extent of the damage and potential implications for national security.

North Korean hacking group Kimsuky has experienced a significant data breach after two ethical hackers, known as 'Saber' and 'cyb0rg,' leaked 8.9GB of the group's data, exposing their tools and stolen information. The hackers criticized Kimsuky for its politically motivated cyber activities and claimed their actions were aimed at revealing the group's unethical practices. This breach may complicate Kimsuky's operations and disrupt their ongoing campaigns, although its long-term impact remains uncertain.

Two Dutch teenagers, aged 17, were arrested for attempting to spy on Europol and Eurojust for Russia using WiFi sniffer devices. They were recruited via Telegram and apprehended following a tip from the Dutch intelligence service, with no compromise to Europol's systems reported. The case highlights a concerning trend of young individuals being targeted for espionage activities in Europe.

A new startup focused on zero-day vulnerabilities is offering $20 million for tools that can successfully hack any smartphone. This initiative aims to attract skilled hackers to enhance cybersecurity solutions amidst increasing smartphone security challenges.

Over 40,000 security cameras worldwide are accessible via the internet, allowing potential hackers to exploit them for spying and other malicious activities. The cybersecurity firm Bitsight warns that these cameras, often used in homes and small offices, are at risk due to inadequate security measures, making them targets for cyberattacks. Users are advised to implement stronger security practices to protect their devices.

The article discusses insights from a telecom executive regarding the Salt Typhoon hacking group, emphasizing how their unconventional techniques are inspiring other hackers. It highlights the evolving tactics in cyberattacks and the implications for security in the telecommunications sector.

The article discusses Xanthorox AI, a comprehensive hacking assistant designed for various cyber operations. It highlights its capabilities in navigating the dark web and performing full-spectrum hacking tasks, emphasizing its potential use by both ethical hackers and malicious actors. The implications of such a tool on cybersecurity and the ethical considerations surrounding its use are also touched upon.

The article discusses a report released by Anthropic, which highlights the growing threats posed by artificial intelligence in the realm of cybersecurity. It emphasizes the potential for AI to be used in hacking and other malicious activities, urging for better frameworks to mitigate these risks. The report outlines various scenarios where AI could exacerbate security challenges in the digital landscape.

Hackers are exploiting a vulnerability in domain name system (DNS) records to hide malware, allowing malicious scripts to fetch binaries without detection by traditional security measures. Researchers from DomainTools discovered that malware was encoded in hexadecimal and distributed across multiple subdomains, enabling retrieval through seemingly harmless DNS requests. As encrypted DNS methods like DOH and DOT gain traction, monitoring this type of traffic may become even more challenging.

The article discusses a report on the malware traffic associated with the notorious Los Pollos Hermanos network. It highlights the methods used by cybercriminals to exploit vulnerabilities and distribute malicious software, shedding light on the ongoing challenges in cybersecurity. The findings underscore the importance of vigilance and proactive measures in combating such threats.

Conor Brian Fitzpatrick, the creator of the BreachForums hacking forum, has been resentenced to three years in prison after violating pretrial release conditions and pleading guilty to multiple charges, including conspiracy to commit access device fraud and possession of child pornography. His initial sentence of time served and 20 years of supervised release was overturned by an appeals court, leading to the new prison term. BreachForums was known for facilitating the trade of stolen data and illegal cybercrime services.

A hacker successfully executed a voice phishing attack targeting Cisco customers, managing to steal their personal information. This incident highlights the ongoing risks associated with social engineering tactics in cybersecurity. Cisco has urged its clients to remain vigilant against such fraudulent schemes.

Google confirmed that hackers created a fraudulent account in its Law Enforcement Request System (LERS) but assured that no data was accessed. The group "Scattered Lapsus$ Hunters" claimed access to both LERS and the FBI's eCheck system, raising concerns over potential impersonation and unauthorized data access. Cybersecurity experts believe the group may continue their activities despite claims of going dark.

Government minister Lucy Powell's X account was hacked to promote a cryptocurrency scam named "$HCC". The incident highlights a growing trend of cybercriminals targeting high-profile accounts to sell worthless coins, with efforts already made by Powell's office to secure her account and remove misleading posts.

Nicholas Michael Kloster, a Kansas City resident, has admitted to hacking multiple organizations to promote his cybersecurity services. He was charged with accessing a protected computer and causing reckless damage during unauthorized access.

Researchers from SquareX have demonstrated a method to bypass passkey security using WebAuthn process manipulation, allowing attackers to impersonate users without needing access to their devices. This vulnerability highlights risks associated with compromised browser environments rather than the cryptography of passkeys themselves.

Clorox has filed a lawsuit against its IT provider, Cognizant, claiming that hackers accessed employee passwords through basic social engineering tactics. The lawsuit alleges that Cognizant failed to manage cybersecurity effectively and allowed unauthorized access to Clorox's network. Cognizant counters that it only provided limited help desk services and is not responsible for the cybersecurity breach.

An attempt to create an autonomous AI pentester revealed significant limitations in AI's capability to effectively perform offensive security tasks. Despite its potential for planning and executing complex strategies, the AI struggled with accuracy and lacked the critical intuition and drive that human hackers possess. The project ultimately highlighted the importance of combining AI's strengths with human creativity and critical thinking in cybersecurity.

The hacking group known as Scattered Spider, which previously caused significant disruption in Las Vegas, has returned to target U.K. retailers. Recent cyberattacks have impacted stores like Harrods and Marks & Spencer, leading to disruptions in online sales and potential customer data theft.

The article discusses methods for exploiting vulnerabilities in Windows drivers, aimed at beginners interested in cybersecurity and hacking. It provides insights into the process of weaponizing these drivers to gain unauthorized access or control over systems. This serves as a foundational guide for those looking to understand the intricacies of driver manipulation in the context of malicious activities.

John Kindervag, creator of the Zero Trust Model, discusses an evolved understanding of hacking that contrasts with traditional views. He emphasizes that motivations for hacking are shaped by sociological, historical, and technological contexts, suggesting that today’s perception of hackers is too narrow and often overlooks their innovative potential.

Hackers are compromising end-of-life SonicWall Secure Mobile Access appliances, exploiting leaked administrator credentials and potentially using a custom backdoor malware called Overstep. Google’s Threat Intelligence Group urges organizations to analyze their devices for signs of compromise, as many details about the attacks and vulnerabilities remain unclear.

Radiology Associates of Richmond has reported a data breach affecting over 1.4 million individuals, with hackers accessing their systems for several days in April 2024. The compromised systems contained identifiable protected health and personal information.

Coinbase reported that hackers bribed overseas support agents to steal customer data, leading to potential costs of up to $400 million. The company received a ransom demand of $20 million but has refused to pay, instead offering a reward for information on the attackers. While sensitive customer information was accessed, no passwords or funds were compromised.

Over 624,000 individuals were notified of a data breach at Healthcare Services Group, where personal information, including Social Security numbers and financial details, was stolen. The breach occurred between September 27 and October 3, 2024, and was identified on October 7, 2024.

Matthew D. Lane, a 19-year-old college student, was sentenced to four years in prison for his role in a cyberattack on PowerSchool that led to a significant data breach affecting millions of students and teachers. He pleaded guilty to multiple charges, including unauthorized access and cyber extortion, and was ordered to pay $14 million in restitution. The attack involved stealing sensitive data and demanding a ransom, with ongoing legal scrutiny surrounding PowerSchool's security practices.

Sesame Street's Elmo account was hacked, leading to the posting of offensive racist and antisemitic content. The incident raised concerns about cybersecurity and the potential risks associated with social media accounts of popular children's characters. Immediate actions were taken to secure the account and address the situation.

Critical vulnerabilities in the BlueSDK Bluetooth stack could allow remote code execution on millions of vehicles, enabling hackers to gain access to car infotainment systems. The PerfektBlue attack can track locations, record audio, and potentially control vehicle functions by exploiting these flaws.

The Trump administration plans to allocate $1 billion for offensive hacking operations aimed at enhancing national security and cyber capabilities. This funding is part of a broader strategy to deter foreign cyber threats and bolster the U.S.'s offensive cyber capabilities. The initiative is expected to involve collaborations with private tech firms and intelligence agencies.

The article discusses Paul Hudson's initiative to teach kids aged 13 and up how to hack in a safe and engaging way through a game called Hacktivate. This game features 240 "capture the flag" challenges that cover various hacking techniques and computer science skills, aiming to inspire curiosity and provide structured learning in cybersecurity. Hudson emphasizes the importance of making hacking education exciting and accessible while addressing common issues found in existing learning materials.

The article discusses a security vulnerability found in the FIA's driver categorization portal, which allowed hackers to gain unauthorized admin access by exploiting a flaw in the HTTP PUT request process. The authors successfully manipulated their user profile to assume administrative roles, revealing sensitive information and control over the FIA's system. This piece is part of a series highlighting cybersecurity issues in Formula 1.